Krebs On Security reported yesterday that DocuSign, a major provider of electronic signature technology, has acknowledged that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. Ajay Uggirala, Director at Imperva commented below.
Ajay Uggirala, Director at Imperva:
“The cost associated with a phishing campaigns has gone down over the past year – making it easier than ever to launch a phishing campaign due to the availability inexpensive servers and DIY kits. As we see in this attack, even the most tech savvy companies and users can fall victim to phishing, as it just takes one well-crafted email to be clicked by one person. Therefore, we must not be complacent when it comes to user training and awareness. And remember, if you are not 100% sure an email is genuine (no matter how urgent it sounds) it is always better to check with your IT team first.”